Posted by Soulskill on Monday December 14, 2009 @02:43PM
from the i-recommend-the-box-of-rocks-app dept.

blackbearnh writes "As previously reported on Slashdot, PayPal recently released a series of new APIs that allow developers to embed PayPal into their web sites and applications without requiring the user to go to the PayPal web site to complete the transaction. To encourage developers to use these new APIs, PayPal is offering two prizes totaling $150,000 for interesting new applications. The entry deadline to register ideas is December 16th, and O'Reilly has an interview with the director of the PayPal Developer Network that covers the details of the contest. In it, Naveed Anwar talks about why PayPal is throwing money at developers. 'When Facebook opened up their platform, it allowed people to work in that particular environment, in the Facebook environment. When the iPhone opened up their platform, they allowed people to work in their environment which was build the applications on the iPhone. When PayPal was looking at opening up its platform, we are not limited by one particular area. We go into the enterprises. We go into social networking. We go into all the places where payment as a solution is needed. And if we can actually reduce that barrier of entry — because at the end of the day, when anyone is building out a business and anyone is building out an application, they're looking at ways of monetizing it.'"

I wouldn't consider it a ploy at all. Essentially this is what Developers and Producers have wanted from PayPal for a LONG time. There are ways to store your paypal account info in other services (Steam comes to mind) but you always had to go to the paypal site to complete the transaction.

Paypal has never been anything but a processing center. All it ever did was hold your bank accounts and Credit cards online so that you don't have to enter that number in more than one place on the internet. All it ever did was keep the #'s secure, in a sort of "I'll give paypal my money if paypal pays for the product" - thus you only ever have to trust 1 person online. If you ever thought it was anything different, you were sadly mistaken.

Anyways, this is good, it's kind of a "Here's what you asked for" and a little kicker to make sure the rest of the world knows, to help it take off quicker.

Paypal has never been anything but a processing center. All it ever did was hold your bank accounts and Credit cards online so that you don't have to enter that number in more than one place on the internet. All it ever did was keep the #'s secure, in a sort of "I'll give paypal my money if paypal pays for the product" - thus you only ever have to trust 1 person online. If you ever thought it was anything different, you were sadly mistaken.

This new API completely removes that benefit. This makes it so that any paypal merchant can randomly charge whatever they want to my account. Previously I would have had to explicitly approve the transaction.

They are simply making it more convenient for those who do not want to have to explicitly approve each and every transaction. Specifically subscription based items, Like World of Warcraft, Lottery Tickets, online Poker, etc etc.

After hearing so many stories about PayPal requiring people to sign away rights like credit card chargebacks,

You can still do a charge-back to Paypal if you paid with a CC. Of course, PP will probably cancel your account if you do that, but that's why you shouldn't trust your PP account too much, and just use it for buying shit on Ebay. If you need to rely on it more than that, then open multiple Paypal accounts; use one for selling, one for buying, etc. That way, if PP closes one, you'll still have the other one.

and their allegedly arbitrary process of deciding without warning and without due process that you're committing "fraudulent" activities, which of course entitles them to take the money from your account or freeze it

Yes, this is why you should NEVER link Paypal to your main bank account. That's just stupid. Instead, have a separate bank account (at a different bank or credit union even), and link your PP account to that. Never keep any substantial amount of money there; just use it as a place to move money to/from your Paypal account. For instance, if you sell a lot of stuff, have a single PP account just for selling, and link that to an empty bank account. Periodically (every few hundred $$$ or so), transfer money from your PP account to the bank account, then withdraw it (in person or by check, whatever's easier) and move it to your main account that way. Don't give PP a path to your main store of funds, that's just asking for trouble.

PAYPAL IS FOR ***.

I won't comment on that, but anyone that trusts PP too much is asking for trouble IMO. However, it is pretty much a "necessary evil" for a lot of online transactions. I have my own little web store I sell some widgets on, and PP is the only realistic way to get money from people all over the world without asking them to send me money orders, which would result in very few sales, or having to pay thousands of $$$ to set up a credit card merchant account (these fees are probably more money than I've made selling my little widgets). It's entirely possible to use PP and set yourself up so that you're protected in case they try to screw you over.

I'm not blaming the victim at all, but you do have to realize that when Paypal gets entangled with your main bank account, that's a BIG vulnerability, and there's been lots of horror stories involving Paypal stealing money from someone's account over a dispute or whatever. A prudent person recognizes risks, and takes steps to avoid them; I just suggested some steps to avoid excessive risk when dealing with Paypal. They can't suck money out of an account if there's no money there.

Paypal has never been anything but a processing center. All it ever did was hold your bank accounts and Credit cards online so that you don't have to enter that number in more than one place on the internet. All it ever did was keep the #'s secure, in a sort of "I'll give paypal my money if paypal pays for the product" - thus you only ever have to trust 1 person online. If you ever thought it was anything different, you were sadly mistaken.

>> I'm waiting for "All it ever did was keep the #'s secure" and "you only ever have to trust 1 person online" to seem like a BAD thing. I mean, there has to be a problem with that for them to be throwing that way. Maybe you can explain it to me.

I'll explain. Imagine using Pandora or Lala or whatever kids use these days to listen to music. You like some very obscure artist, and want to buy the (physical) CD online. To buy the CD you can:

It makes no difference. Either you can trust the site or not. I mean if you go through a transaction with them after logging in to Paypal does it really make a difference? Paypal sends you an email for each purchase, and if it's not right you can respond immediately. You can change your password if you suspect the site of phishing.

Any site I'll be entering my Paypal Info will have an SSL of its own that I have to login with different details.

Which is why the current paypal system works better. I don't have to buy a Security certificate for my web store. You order your crap and buy it on my non-secure site, and when it needs to be secure, it drops you to paypal where you verify the amount and click on "yes, send the money"

I have ZERO interest in using their new system if it will cost me more money by having to buy a cert I really do not need.

Wow, is the above wrong... even if the site is "trustworthy" today and they ship the product, they shouldn't be collecting your password. They could then use that to buy some cool shit from walmart.com two years later and you'd have no idea what happened and not even have the simple protections your regular old visa card offers.
I suspect the paypal API uses OAuth or some kind of token system or else it'd be totally crazy.

I think the point you are missing is that this is not replacing the old system: it is an addition. You can still use paypal EXACTLY how it was before, completely secure and all that.

This is merely allowing Paypal to do subscription based services without explicitly requiring a user "Yes" every single month. Before now you HAD to enter your credit card to these websites, websites you could deem insecure. Websites that would steal your credit card info as easily as they would steal your paypal username and pa

You still don't get it. I would much rather give a shady company my credit card number than my paypal password. With my paypal password they can make authenticated purchases as me and there's nothing I can really do about it and my credit card protections won't really apply. However if they misuse the credit card number, I'm not responsible for any purchases the assholes make and the ccard company will locate the guy and have him arrested -- all while I'm sleeping.

Of course it makes a difference. You are potentially allowing the site to take as much as they like from your account, whereas by instead logging into the PayPal page, the merchant never has to even know what method you use to authenticate with PayPal and will only provide the amount of funds shown on the payment confirmation page to the merchant.

With the second method, there is no requirement to trust the merchant with anything more than the value of the single transaction, your name and your delivery addr

Exactly my thoughts when I heard this. I once implemented half a dozen pretty different payment APIs into a web page. There are only two ways to make this secure:

1. Direct the user to PayPal, and then let PayPal direct him back, sending a special encrypted session id and/or data forth and back.
2. Embedding a Java applet in the page, which has a certificate, and so can communicate directly with PayPal (encrypted) and your server (also encrypted). Then call a Javascript function, to load the next page, where,

It also lets you verify the address bar. The Java applet, though secure, does not. If a phishing site builds a Java applet to mimic the secure one, you have no way of detecting it short of viewing the source of the page in question.
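The redirect-and-return flow from option 1 above, as an added example that is not part of the original thread and is not PayPal's actual API: the merchant hands the browser a one-time token, a stand-in processor signs the approved order with an HMAC, and the merchant checks signature, token reuse and amount on return. The shared key, parameter names and `processor_approve` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed shared secret between merchant and processor (assumption).
SHARED_KEY = b"constructed-demo-key-not-a-real-credential"


def sign(key, token, order_id, amount_cents):
    # HMAC over every field the merchant will rely on when the browser returns.
    msg = f"{token}|{order_id}|{amount_cents}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def processor_approve(key, request):
    # Stand-in for the processor page where the payer logs in and confirms
    # the amount; the merchant never sees the payer's credentials.
    reply = dict(request)
    reply["sig"] = sign(key, request["token"], request["order_id"],
                        request["amount_cents"])
    return reply


class Merchant:
    def __init__(self, key):
        self.key = key
        self.pending = {}  # token -> (order_id, amount_cents), removed once used

    def start_checkout(self, order_id, amount_cents):
        # Random one-time token that travels to the processor and back.
        token = secrets.token_urlsafe(16)
        self.pending[token] = (order_id, amount_cents)
        return {"token": token, "order_id": order_id,
                "amount_cents": amount_cents}

    def finish_checkout(self, params):
        # Runs when the browser is redirected back with the processor's reply.
        expected = sign(self.key, params["token"], params["order_id"],
                        params["amount_cents"])
        if not hmac.compare_digest(expected, params.get("sig", "")):
            return "rejected: bad signature"
        order = self.pending.pop(params["token"], None)
        if order is None:
            return "rejected: unknown or replayed token"
        # Catches a request altered in the browser before the processor saw it.
        if order != (params["order_id"], params["amount_cents"]):
            return "rejected: order mismatch"
        return "paid"
```
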

I can just see it now.... You will even be able to "twitter" your money away. Well they "twitter" about everything else in life, why not how much you spend or how much you make? Sounds like a really dumb idea, so I wonder how long before someone actually implements it?

There are literally billions of dollars waiting to be spent in increments as low as fractions of a cent at a time, and yet the infrastructure and fee systems are keeping that commerce from taking place.

Infrastructure costs money. Today you can go anywhere - to a store or on the internet - and purchase something with a credit card and the transaction will be approved in a matter of seconds. It took many years and LOTS of money to create that infrastructure.

PayPal operates like, and should be regulated like, a bank. The way they have treated their customers, like me, and many, many, many others, should be a warning to all; You can't afford to do business with PayPal. They will seize your money, and when they do, it will be months before you see a resolution. The horror stories are true: I know, I have mine.

Mod parent up. PayPal needs to become a regulated bank. Until then, take your business elsewhere, to sites that accept credit cards. If someone can't qualify for a merchant account, you probably don't want to deal with them anyway.

>> PayPal needs to become a regulated bank. Until then, take your business elsewhere, to sites that accept credit cards. If someone can't qualify for a merchant account, you probably don't want to deal with them anyway.

You are confusing things. PayPal is fine for the buyer, and is usually better than creating another account to buy one time something.

For the seller, they are terrible^4. This is why Google Checkout is taking over.

I buy things from Google Products all the time. As a buyer, there is a lo

Google's Checkout is a failure, much like most every other Google product other than search. Now that Google Checkout is the same price (or in some cases, more expensive) than PayPal, yet less feature rich, I assume it will just disappear in time like every other PayPal challenger.

i agree that paypal needs to be regulated, but most problems are people not following the instructions. like when you accept payment make sure it's only from verified people and send only to confirmed addresses. and use a tracking #, insurance and signature confirmation for expensive items. the #1 rule is only send to confirmed addresses. i haven't sold on ebay for a long time but my rule was anything over $15 or $25 had to go to a confirmed address. my auction stated that all paypal payments had to be sent

I agree: while they should perhaps have some limited regulation, I've been using them for nearly as long as they've been around without any problem, for both personal and business. A really big plus is that I don't have to have the responsibility of dealing with credit card security. I would *never* enter paypal credentials into a random web site, but haven't looked at the new api yet to see if that's really what they're doing. It would be really stupid for them to do that. I'd venture to guess that fra

I don't know about the US, but in Europe PayPal's User Agreement [paypal.com] says that it is "licensed as a Luxembourg credit institution". Also I don't really get where all the hate for PayPal comes from. Yes I read a dozen times that they froze the account of SomethingAwful or some loud-mouthed bloggers under dubious circumstances, but for me it always worked just fine. Actually I really like PayPal because it allows me to send a seller money that is instantly credited to his account, without trust issues on either si

I got a warning from PayPal saying that I am getting close to my 'send limit'. I've been using it for probably 6 - 8 years now, and now they're telling me I have to 'confirm' my identity in order to continue using their service. Confirmation requires me 1. giving them my bank account number or 2. getting a PayPal credit card.

Why the fuck would I want to do that? And if it really is for security purposes, why can't I just fax my driver's license?

Once a week, transfer everything out of PayPal to your real bank; you know, the one regulated by the FDIC, has potential to earn interest, and you use to pay all your bills.

So, you take a fee-hit every time you do so. Either suck it up, buttercup and consider it a business expense --OR-- figure out how much you would spend on a real Merchant Account so you can accept credit cards, plus the time, energy, and reso

At my store, about 1 in 100 use Paypal if given the choice. You're losing out on a lot of business if you don't accept credit cards. Try authorize.net or if you want to stick to Paypal, Payflow.
Paypal is fine for a hobby business, but if you're trying to make a living, you need to take plastic.

It's probably paypal's last attempt at getting someone to care. They're probably just now realizing that the winner of this thing is going to be some incredibly boring shopping cart script written in PHP because it's going to be the only entry.